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REMARKS 

The Examiner has rejected Claims 1-5, 8-14,1 8-23, 26-32, 36 and 39 under 35 
U.S.C. 103(a) as being unpatentable over Fox et al. (U.S. Patent No. 6,883,101) in view 
of Converse et al. (U.S. Patent Publication No. 2002/0143963). The Examiner has 
rejected Claims 37-38 et al. under 35 U.S.C. 103(a) as being unpatentable over Fox in 
view of Converse, in further view of Applicant Admitted Prior Art. 

With respect to each of the independent claims, the Examiner has relied, in part, 
on Col. 3, line 19-Col. 4, line 4; Figure 8B; Col. 6, lines 1-40; and Col. 4, lines 18-20 in 
Fox to make a prior art showing of applicant's claimed "initiating a risk assessment scan 
on a target from a remote source utilizing a network." Applicant notes that the Examiner 
has argued that such excerpts teach "network risk/vulnerability analyzer programs 
assessing risk on the network nodes remotely" (emphasis added). Applicant, however, 
claims that the "risk assessment scan [is] on a target" and that the scan is only initiated 
remotely. Clearly, assessing vulnerabilities remotely teaches away from running a risk 
assessment scan on a target, in the manner claimed by applicant. 

Nevertheless, for further clarification of such distinction, applicant has amended 
each of the independent claims to include the "risk assessment scan at and on a target" 

Still with respect to each of the independent claims, the Examiner has relied, in 
part, on Col. 4, lines 1 8-20; Col. 6, lines 1-39; and Col. 7, lines 42-46 in Fox to make a 
prior art showing of applicant's claimed "determining whether the risk assessment scan 
on the target involves an intermediate device coupled between the target and the remote 
source. . . wherein a plurality of procedures are utilized to determine whether the risk 
assessment scan involves the intermediate device" (Claims 1 et al.) and "executing a 
plurality of procedures to determine whether the risk assessment scan on the target 
involves a proxy server coupled between the target and the remote source" (Claims 37 et 
al.). 
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Applicant respectfully asserts that such excerpts only disclose "merging results 
from the network vulnerability analysis programs and determining the vulnerability 
posture of the network" (Col. 4, lines 18-20), "data gathering,]... building a model, and 
perform[ing] analyses on the model" (Col. 6, lines 1-39), and "filters... [that] allow only 
that data required by a respective network vulnerability programs to be exported to the 
tool (program)" (Col. 7, lines 42-46). 

Clearly, such excerpts do not even suggest ' 'determining whether the risk 
assessment scan on the target involves an in termediate device coupled between the target 
and the remote source., .[utilizing a] plurality of procedures," in the manner claimed by 
applicant (Claim 1 et al.-emphasis added) or "executing a plurality of procedures to 
rtetennfae whether the risk assessment scan on the target involves a proxy server coupled 
between the target and the remote source" (Claims 37 et al.-emphasis added). In fact, 
applicant notes that nowhere in the entire Fox reference is there even a dcterrnination of 
whether a scan involves an intermediate device, and especially not in the specific manner 
claimed by applicant. 

Furthermore, the Examiner has relied on Col. 2, lines 56-63 in Fox to make a 
prior art showing of applicant's claimed "receiving results of the risk assessment scan 
from the target utilizing the network," Applicant respectfully asserts that such excerpt 
only discloses "generating] system models used by analysis tools" and that "a tool can 
. actively scan a computer network to test various vulnerabilities." Clearly, such teachings 
do not even relate to any sort of results . In addition, since Fox only teaches risk 
assessment scans performed remotely, results of the risk assessment scan could not be 
received from the target on which the scan was performed, in the context claimed by 
applicant. 

The Examiner has also relied on paragraphs [0025]-[0026] in Converse and Col. 
1 1 and Col. 12 in Fox to make a prior art showing of applicant's claimed "notifying an 
administrator if it is determined that the risk assessment scan on the target involves the 
intermediate device, wherein additional operations are carried out to improve a risk 
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assessment on the target in view of the presence of the intermediate device coupled 
between the target and the remote source" (Claim 1 et al.) and "notifying an adininistrator 
if the results of the risk assessment scan on the target are flagged; wherein additional 
operations are carried out to improve a risk assessment on the target in view of the 
presence of the proxy server coupled between the target and the remote source" (Claim 
37etaL). 

First, applicant respectfully asserts that the only notification disclosed in 
Converse relates to forwarding a request to software so that a software designer or web 
server administrator may decide whether to grant the request. Clearly, such disclosure 
does not even suggest a notification in Hie context claimed by applicant, namely when "it 
is determined that the risk assessment scan on the target involves the intermediate 
device" (Claim 1 et al.) and "the results of the risk assessment scan on the target are 
flagged" (Claim 37 et al.), in the contexts claimed by applicant. 

Second, Col. 1 1 and Col. 12 in Fox only relate to merging processing results 
among a plurality of risk assessment scanners. Simply nowhere in Fox is Hiere any 
teaching of " additional operations [that] are carried out to improve a risk assessment on 
the target in view of the nresence of the intermediate device coupled between the target 
and the remote source" (Claim 1 et al.) or "additional operations [that] are carried out to 
improve a risk assessment on the target in view of the presence of the proxy server 
coupled between the target and the remote source as claimed by applicant" (Claim 37 et 
al.) as claimed by applicant (emphasis added). 

Again, applicant respectfully asserts that at least the third element of the prima 
facie case of obviousness has not been met, since the prior art references, when 
combined, fail to teach or suggest all of the claim limitations, as noted above. A notice of 
allowance or a specific prior art showing of all of applicant's claim limitations, in 
combination with the renxaining claim elements, is respectfully requested. 
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Applicant further notes that the prior art is also deficient with respect to the 
dependent claims. Just by way of example, with respect to Claim 4 et al., the Examiner 
has relied on paragraphs [0025-0026] in Converse to make a prior art showing of 
applicant's claimed technique "wherein at least one of the procedures includes 
determining a port list associated with the risk assessment scan." Applicant .respectfully 
asserts that such excerpts only disclose "undesirable IP addresses." Clearly, IP addresses 
do not meet applicant's claimed "port list" 

With respect to Claim 5 et al., the Examiner has again relied on paragraphs [0025- 
0026] in Converse to make a prior art showing of applicant's claimed technique "wherein 
the at least one of the procedures further includes determining whether a value of a flag is 
different for communication attempts using at least two ports on the port list." The 
Examiner has specifically argued that such excerpts teach that "if the value of the flag is 
positive/IP address is not on the list/different..." First, applicant respectfully asserts that 
IP addresses do not even suggest a port list, as claimed. Second, Converse does not 
mention "communication attempts using at least two ports" and thus does not teach 
"deteiroining whether a value of a flag is different for communication attempts using at 
least two ports on the port list," as claimed by applicant (emphasis added). 

With respect to Claim 9 et al., the Examiner has relied on Claims 1 and 2 in 
Converse to make a prior art showing of applicant's claimed technique "wherein the at 
least one of the procedures further includes indicating that the risk assessment scan 
involves the intermediate device if the value of the flag is different for the 
communication attempts using the at least two ports on the port list." The Examiner has 
specifically argued that Converse teaches that "if the communication request IP address is 
different to the predetermined list, identifying the communication request node as 
unauthorized node/intermediate node." Applicant again respectfully asserts that IP 
addresses do not meet a port list as claimed by applicant. Furthermore, Converse does 
not even suggest "communication attempts using at least two ports" and thus does not 
meet applicant's claimed "indicating that the risk assessment scan involves the 
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intermediate device if the value of the flag is different for the communication attempts 



using the at least two ports on the port list," 

Since at least the third element of the prima facie case of obviousness has not 
been met, a notice of allowance or a proper prior art showing of all of the claim 
limitations, in the context of the remaining elements, is respectfully requested. 

Thus, all of the independent claims are deemed allowable. Moreover, the 
remaining dependent claims are further deemed allowable, in view of their dependence 
on such independent claims. 

In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5100. The 
Commissioner is authorized to charge any additional fees or credit any overpayment to 
Deposit Account No. 50-1351 (Order No. NAI1P012/01. 132.01). 



P.O. Box 721120 

San Jose, CA 95172-1120 

408-505-5100 




Respe^tfidly submitted, 



ZjJka*6jab, PC. 



.Zilka 

ition No. 41,429 
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